Information Security Policy

Information Security Policy

The firm daily collects, stores, processes, and distributes information within the scope of its business operations. Protecting the information and its processing systems is of strategic importance for the firm to achieve its short- and long-term objectives.

The Management, acknowledging the criticality of the information and information systems in performing the firm’s business operations, supports and promotes actions aiming to safeguard these systems’ normal operation. The firm has thus developed and implements an Information Security Policy aiming to:

– Ensure the confidentiality, availability, and integrity of the information it manages.

– Protect the data subjects’ rights regarding data it processes within the scope of its business operations.

– Comply with the legal and regulatory requirements to which it is subject, as well as with the ISO 27001:2013 requirements.

– Promptly address incidents that may violate the Information Security.

For this reason:

– The organizational structures required for Insurance Security issues monitoring are defined.

– The technical measures for controlling and restricting access to information and information systems are defined.

– The information classification method depending on its importance and value is defined.

– The necessary actions for information protection during the stages of processing, storage and distribution are described.

– The methods for informing and training the firm’s employees and partners in Information Security issues are defined.

– The methods of addressing Information Security incidents are determined.

– The methods ensuring the safe continuation of the firm’s business operations in cases of information system failures or disasters are described.

The firm regularly conducts risk assessments related to Information Security and takes the necessary measures to address them. It implements a framework for the evaluation of the effectiveness of the Information Security procedures through which performance indicators are defined, their measurement methodology is described, periodic reports are produced and

reviewed by the firm’s Management aiming to continuously improve the system, which is a commitment of the Management.

The Information Security Officer is responsible for the control and monitoring of the policies and procedures related to the Information Security and for taking the necessary initiatives to eliminate all factors that may put the availability, integrity, and confidentiality of the firm’s information at risk.

All the firm’s employees and partners accessing information and information systems are responsible for adhering to the rules of the corporate Information Security Policy.

This policy is reviewed on a regular basis or in cases of significant changes, to ensure its continuous suitability, sufficiency, and effectiveness.